[3.1.6] | Fix CodeQL and Rozlyn warnings (#2428) and (#2432) (#2515)

dauinsight · arellegue · web-flow · commit 552045315509 · 2024-05-17T14:08:42.000-07:00
* Fix CodeQL and Rozlyn warnings (#2428) and (#2432) --------- Co-authored-by: Aris Rellegue <134557572+arellegue@users.noreply.github.com>
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserHelperClasses.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserHelperClasses.cs
@@ -1001,13 +1001,14 @@ private static string ToFriendlyName(this SslProtocols protocol)
             {
                 name = "TLS 1.0";
             }
-#pragma warning disable CS0618 // Type or member is obsolete: SSL is depricated
+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
+#pragma warning disable CS0618, CA5397
             else if ((protocol & SslProtocols.Ssl3) == SslProtocols.Ssl3)
             {
                 name = "SSL 3.0";
             }
             else if ((protocol & SslProtocols.Ssl2) == SslProtocols.Ssl2)
-#pragma warning restore CS0618 // Type or member is obsolete: SSL is depricated
+#pragma warning restore CS0618, CA5397
             {
                 name = "SSL 2.0";
             }
@@ -1027,9 +1028,10 @@ private static string ToFriendlyName(this SslProtocols protocol)
         public static string GetProtocolWarning(this SslProtocols protocol)
         {
             string message = string.Empty;
-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated
+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
+#pragma warning disable CS0618, CA5397
             if ((protocol & (SslProtocols.Ssl2 | SslProtocols.Ssl3 | SslProtocols.Tls | SslProtocols.Tls11)) != SslProtocols.None)
-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated
+#pragma warning restore CS0618, CA5397
             {
                 message = StringsHelper.Format(Strings.SEC_ProtocolWarning, protocol.ToFriendlyName());
             }
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs
@@ -413,13 +413,14 @@ internal override uint WaitForSSLHandShakeToComplete(out int protocolVersion)
             }
             else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_SERVER))
             {
-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated
+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
+#pragma warning disable CS0618, CA5397
                 protocolVersion = (int)SslProtocols.Ssl3;
             }
             else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_SERVER))
             {
                 protocolVersion = (int)SslProtocols.Ssl2;
-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated
+#pragma warning restore CS0618, CA5397
             }
             else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE))
             {
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs
@@ -243,6 +243,10 @@ private bool VerifyHealthReportAgainstRootCertificate(X509Certificate2Collection
                 chain.ChainPolicy.ExtraStore.Add(cert);
             }
 
+            // An Always Encrypted-enabled driver doesn't verify an expiration date or a certificate authority chain.
+            // A certificate is simply used as a key pair consisting of a public and private key. This is by design.
+
+            // CodeQL [SM00395] By design. Always Encrypted certificates should not be checked.
             chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
 
             if (!chain.Build(healthReportCert))

Original file line number	Diff line number	Diff line change
`@@ -1001,13 +1001,14 @@ private static string ToFriendlyName(this SslProtocols protocol)`
`1001`	`1001`	`{`
`1002`	`1002`	`name = "TLS 1.0";`
`1003`	`1003`	`}`
`1004`		`-#pragma warning disable CS0618 // Type or member is obsolete: SSL is depricated`
	`1004`	`+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections`
	`1005`	`+#pragma warning disable CS0618, CA5397`
`1005`	`1006`	`else if ((protocol & SslProtocols.Ssl3) == SslProtocols.Ssl3)`
`1006`	`1007`	`{`
`1007`	`1008`	`name = "SSL 3.0";`
`1008`	`1009`	`}`
`1009`	`1010`	`else if ((protocol & SslProtocols.Ssl2) == SslProtocols.Ssl2)`
`1010`		`-#pragma warning restore CS0618 // Type or member is obsolete: SSL is depricated`
	`1011`	`+#pragma warning restore CS0618, CA5397`
`1011`	`1012`	`{`
`1012`	`1013`	`name = "SSL 2.0";`
`1013`	`1014`	`}`
`@@ -1027,9 +1028,10 @@ private static string ToFriendlyName(this SslProtocols protocol)`
`1027`	`1028`	`public static string GetProtocolWarning(this SslProtocols protocol)`
`1028`	`1029`	`{`
`1029`	`1030`	`string message = string.Empty;`
`1030`		`-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated`
	`1031`	`+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections`
	`1032`	`+#pragma warning disable CS0618, CA5397`
`1031`	`1033`	`if ((protocol & (SslProtocols.Ssl2 \| SslProtocols.Ssl3 \| SslProtocols.Tls \| SslProtocols.Tls11)) != SslProtocols.None)`
`1032`		`-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated`
	`1034`	`+#pragma warning restore CS0618, CA5397`
`1033`	`1035`	`{`
`1034`	`1036`	`message = StringsHelper.Format(Strings.SEC_ProtocolWarning, protocol.ToFriendlyName());`
`1035`	`1037`	`}`
Original file line number	Diff line number	Diff line change
`@@ -413,13 +413,14 @@ internal override uint WaitForSSLHandShakeToComplete(out int protocolVersion)`
`413`	`413`	`}`
`414`	`414`	`else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_CLIENT) \|\| nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_SERVER))`
`415`	`415`	`{`
`416`		`-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated`
	`416`	`+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections`
	`417`	`+#pragma warning disable CS0618, CA5397`
`417`	`418`	`protocolVersion = (int)SslProtocols.Ssl3;`
`418`	`419`	`}`
`419`	`420`	`else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_CLIENT) \|\| nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_SERVER))`
`420`	`421`	`{`
`421`	`422`	`protocolVersion = (int)SslProtocols.Ssl2;`
`422`		`-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated`
	`423`	`+#pragma warning restore CS0618, CA5397`
`423`	`424`	`}`
`424`	`425`	`else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE))`
`425`	`426`	`{`
Original file line number	Diff line number	Diff line change
`@@ -243,6 +243,10 @@ private bool VerifyHealthReportAgainstRootCertificate(X509Certificate2Collection`
`243`	`243`	`chain.ChainPolicy.ExtraStore.Add(cert);`
`244`	`244`	`}`
`245`	`245`
	`246`	`+ // An Always Encrypted-enabled driver doesn't verify an expiration date or a certificate authority chain.`
	`247`	`+ // A certificate is simply used as a key pair consisting of a public and private key. This is by design.`
	`248`	`+`
	`249`	`+ // CodeQL [SM00395] By design. Always Encrypted certificates should not be checked.`
`246`	`250`	`chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;`
`247`	`251`
`248`	`252`	`if (!chain.Build(healthReportCert))`